CAF Outcome B3.a: Understanding Data

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

B3.a: Understanding Data to CSF mappings generated from UK Cabinet Office table.

Control ID Description
PR.IP-6 Data is destroyed according to policy
ID.RA-3 Threats, both internal and external, are identified and documented
PR.DS-5 Protections against data leaks are implemented
ID.AM-4 External information systems are catalogued
PR.PT-2 Removable media is protected and its use restricted according to policy
ID.BE-4 Dependencies and critical functions for delivery of critical services are established
ID.AM-2 Software platforms and applications within the organization are inventoried
ID.AM-3 Organizational communication and data flows are mapped
PR.DS-4 Adequate capacity to ensure availability is maintained
ID.AM-1 Physical devices and systems within the organization are inventoried

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Maintain information classifications (4.3.4.4.6)
    ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Capacity management (12.1.3)
    ISO 27001:2013
  • Protecting application services transactions (14.1.3)
    ISO 27001:2013
  • Classification of information (8.2.1)
    ISO 27001:2013
  • Inventory of assets (8.1.1)
    ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Node
MP-6: Media Sanitization
PM-16: Threat Awareness Program
PM-12: Insider Threat Program
SI-5: Security Alerts, Advisories, and Directives
RA-3: Risk Assessment
PE-19: Information Leakage
SC-31: Covert Channel Analysis
AC-5: Separation of Duties
AC-6: Least Privilege
AC-4: Information Flow Enforcement
SI-4: System Monitoring
SC-7: Boundary Protection
PS-6: Access Agreements
SC-13: Cryptographic Protection
SC-8: Transmission Confidentiality and Integrity
PS-3: Personnel Screening
SA-9: External System Services
AC-20: Use of External Systems
MP-5: Media Transport
MP-4: Media Storage
MP-3: Media Marking
MP-8: Media Downgrading
MP-2: Media Access
MP-7: Media Use
SA-14: Criticality Analysis
CP-8: Telecommunications Services
PE-11: Emergency Power
PE-9: Power Equipment and Cabling
PM-8: Critical Infrastructure Plan
PM-5: System Inventory
CM-8: System Component Inventory
PL-8: Security and Privacy Architectures
CA-9: Internal System Connections
CA-3: Information Exchange
SC-5: Denial-of-service Protection
CP-2: Contingency Plan
AU-4: Audit Log Storage Capacity